Safer computing for your small office or home office

Presented by ESET

From kitchen table to corporate empire: It’s not just an American dream — it’s the real-life story of numerous successful American companies whose stock is now traded on Wall Street. Firms like eBay and Google all started out in a space that marketers and business analysts call SOHO (short for “small office/home office”). And with today’s digital technology, aspiring SOHO entrepreneurs have the potential to turn their dreams into reality faster than ever, even if that dream is as simple as running their own businesses at their own speed.

Unfortunately, the benefits of digital technology for SOHO come with some risks, from basic physical theft to infiltration by malicious code, hardware failures, and data ransoming. If you’re going to rely on computers to get your products and services to market, you need to take the appropriate steps to protect them. By identifying and understanding the risks and then taking steps to reduce them, you can enjoy the benefits of the technology without the worry.

What you need to protect digital devices in the SOHO environment is a combination of consumer and business computer security strategies. The most appropriate defensive strategies for the SOHO computing environment include backup, authentication, anti-malware, and encryption. When you shift from using your home computer for family fun to employing it for business, or when you decide to put business computers in your home office, those defensive technologies will be even more important. Here are additional strategies and dimensions you will want to consider.

Of small offices/home offices:

50% have been victims of cyberattacks.*

60% go out of business within six months of a data breach.*

*Source: National Small Business Association (NSBA)

3 big security ideas for small office/home office

Even a one-person business can benefit from some big-business security strategies.

This means making sure that everyone who accesses the system is accurately identified. This process is closely related to authentication — that is, entering a password to access a device — but with user identification, that password is linked to a named identity. For example, if you are using Windows or a Mac operating system, you probably know that both of these systems have the ability to log you in with an identity. When you do that, the system can keep track of your activity in a log.

As your operation grows and involves more than one person, this user accountability becomes increasingly important. Not only does knowing that their actions are being logged have a deterrent effect on people’s impulses to use the system inappropriately, but the logs are very useful if something does goes wrong and you need to determine “who did what and when.”

2. Segment and separate

This encompasses a range of strategies for preventing all of the company data from being accessible to everyone. If you are a one-person operation, you might think this doesn’t apply to you, but consider this: Mixing fun and business on the same device — be it laptop, smartphone, or tablet — may be convenient or even an economic necessity, but it can double your exposure to many security threats. In other words, you might want to consider drawing a line between the two roles. A simple way to do that is to use one computer for your business and another for home and personal use. A more affordable solution to consider is using your laptop for business and getting a tablet for personal stuff.

Virtual machine. A different approach to acquiring multiple computers is to run more than one copy of the operating system on a single computer. Each instance of the operating system is known as a virtual machine and can function separately from the others. Many of today’s laptop and desktop computers can support virtual machines using software like VMWare or Parallels. Use one virtual machine for personal activity and the other for business.

The cloud. Another viable technology for the SOHO is the cloud. For example, if you have a dependable high-speed Internet connection, you might consider using online applications and storage, such as Google Docs or Microsoft Office 365. These offer a full suite of applications for document creation, including word processing, presentations, and spreadsheets. You can store copies of all your documents online (although keeping local copies for backup is still a good idea). These services can grow with your project, enabling separate accounts for each person to provide individual access, as well as the ability to share files between users.

Your budding business should consider investing in two different types of policy early on.

Information security policy. This can start as a simple statement of your project’s commitment to protect all information that is entrusted to it. As you expand, you can add specific policies, like “All devices that handle company data must run antimalware software that is regularly updated.” Besides helping to keep all team members on the same page when it comes to security practices, having a good set of information security policies in place may just save the day when a potential client asks to see them before signing a contract with you. For policy templates, visit eset.com/us/it-policy

Insurance policy. You should have one that covers your equipment, but consider obtaining another that covers your operations and data, as well. So-called “cyber risk insurance” has evolved to help protect companies from inadvertent disclosure and theft of confidential information, as well as from other potential digital setbacks, allowing you to keep your focus on taking your business forward.